TROYANOSYVIRUS
Voltar para CVEs

CVE-2020-3259

HIGHCISA KEV
7.5

Descricao

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.

Detalhes CVE

Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/6/2020
Ultima modificacao10/28/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorCisco
ProdutoAdaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
Nome da vulnerabilidadeCisco ASA and FTD Information Disclosure Vulnerability
Data inclusao KEV2024-02-15
Prazo de remediacao2024-03-07
Uso em ransomwareKnown

Produtos afetados

cisco:adaptive_security_appliance_softwarecisco:firepower_threat_defense

Fraquezas (CWE)

CWE-200

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3259(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.